Is aisadocs/openclaw-aisa-finance-equity-crypto-price-market-data-news safe?
MarketPulse is a legitimate financial data skill that wraps the AIsa API for equities and cryptocurrency data. The SKILL.md contains no prompt injection content, the Python client is a clean stdlib-only API wrapper with no credential harvesting, dangerous execution patterns, or unexpected network destinations, and installation was limited to a standard GitHub HTTPS clone with no canary file compromise or post-install persistence. The residual risks are standard for any pay-per-use external API skill: query metadata is logged by the provider, agent-driven bulk queries could accumulate costs, and the comprehensive financial data access scope warrants awareness when pairing this skill with others.
Findings (6)
INFO Template placeholder {baseDir} in usage examples -5
SKILL.md uses {baseDir} as a placeholder in Python invocation examples. This is a standard pattern requiring the host to substitute the actual installation path before injecting SKILL.md into an agent context. No adversarial instruction content present.
INFO Executable Python script bundled as skill interface -10
scripts/market_client.py is a well-structured stdlib-only Python CLI wrapper. Inclusion of executable code is expected for this skill type. No dangerous patterns (subprocess, eval, exec, file writes, dynamic imports) are present. The script's sole behavior is constructing HTTPS requests to api.aisa.one based on CLI arguments.
LOW Query metadata logged at third-party API provider -8
All financial data queries are transmitted to api.aisa.one. While this is the intended and documented behavior, the API provider logs which tickers are researched, at what frequency, and from which API key. Users should consider that their financial research patterns are visible to the AIsa service.
INFO Installation limited to GitHub HTTPS clone with sparse checkout -7
The install process performed a shallow sparse-checkout clone of the openclaw/skills monorepo over HTTPS (140.82.121.3:443), extracted only the target skill subdirectory, and cleaned up the temporary clone. No unexpected network destinations or post-install persistence mechanisms were observed.
LOW API key value exposed in shell history via curl examples -7
SKILL.md provides curl invocation examples that expand $AISA_API_KEY inline as a Bearer token. If an agent or user runs these commands in a shell, the resolved key value is written to shell history files in plaintext.
LOW Pay-per-use API model enables cost accumulation via agent manipulation -10
Every API call incurs a cost between $0.0005 and $0.002. A crafted user prompt could instruct the agent to make bulk historical data queries (e.g., minute-level prices for many tickers over long date ranges) at scale, draining the user's AISA_API_KEY credit balance without explicit user awareness.